Now that the value is cached on the stack,
`array_of_permitted_scalars_filter` is exactly the same as
`array_of_permitted_scalars?`, so lets just have one

this way the method doesn't have to know what the new params object is,
it just yields to a block.  This change also caches the value of
`self[key]` on the stack

We should disconnect `array_of_permitted_scalars_filter` from the
instance so that we can make hash filtering functional.  For now, pull
the conditional up out of that method

`ActionController::Parameters#to_h` returns a hash, so lets have
`ActionController::Parameters#to_unsafe_h` return a hash instead of
an `ActiveSupport::HashWithIndifferentAccess` for consistency.

This is another take at #14384 as we decided to wait until `master` is
targeting Rails 5.0. This commit is implementation-complete, as it
guarantees that all the public methods on the hash-inherited Parameters
are still working (based on test case). We can decide to follow-up later
if we want to remove some methods out from Parameters.

The current implementation of ActionController::Parameters.const_missing
returns `ActionController::Parameters.always_permitted_parameters` even
if its `super` returns a constant without raising error. This prevents its
subclass in a autoloading module/class from taking advantage of
autoloading constants.

    class SomeParameters < ActionController::Parameters
      def do_something
        DefinedSomewhere.do_something
      end
    end

In the code above, `DefinedSomewhere` is to be autoloaded with
`Module.const_missing` but `ActionController::Parameters.const_missing`
returns `always_permitted_parameters` instead of the autoloaded
constant.

This pull request fixes the issue respecting `const_missing`'s `super`.

Removed non-standard and unused require 'active_support/deprecation' from parts out of active_support.

This reverts commit da5cc10e.

Fixes #18091

See also https://github.com/rails/rails/pull/18003#commitcomment-9030909

As suggested in #16299([1]), this method should be a new public API for
retrieving unfiltered parameters from `ActionController::Parameters`
object, given that `Parameters#to_hash` will no longer work in Rails
5.0+ as we stop inheriting `Parameters` from `Hash`.

[1]: https://github.com/rails/rails/pull/16299#issuecomment-50220919

As discussed in #16299[1], this attribute is not thread safe and could
potentially create a security issue.

[1]: https://github.com/rails/rails/pull/16299#discussion_r15424533

The current style for warning messages without newlines uses
concatenation of string literals with manual trailing spaces
where needed.

Heredocs have better readability, and with `squish` we can still
produce a single line.

This is a similar use case to the one that motivated defining
`strip_heredoc`, heredocs are super clean.

Ruby 1.9.3 does not implement Hash#to_h, so we can't call `super` on it.

* `each`
* `each_pair`
* `delete`
* `select!`

This is to make sure that `permitted` status is maintained on the
resulting object.

I found these methods that needs to be redefined by looking for
`self.class.new` in the code.

* extract!
* transform_keys
* transform_values

`ActionController::Parameters#to_h` now returns a `Hash` with
unpermitted keys removed. This change is to reflect on a security
concern where some method performed on an `ActionController::Parameters`
may yield a `Hash` object which does not maintain `permitted?` status.
If you would like to get a `Hash` with all the keys intact, duplicate
and mark it as permitted before calling `#to_h`.

    params = ActionController::Parameters.new(name: 'Senjougahara Hitagi')
    params.to_h # => {}

    unsafe_params = params.dup.permit!
    unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"}

    safe_params = params.permit(:name)
    safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}

This change is consider a stopgap as we cannot chage the code to stop
`ActionController::Parameters` to inherit from
`HashWithIndifferentAccess` in the next minor release.

Also, adding a CHANGELOG entry to mention that
`ActionController::Parameters` will not inheriting from
`HashWithIndifferentAccess` in the next major version.

* General style fixes.
* Add changes to configuration guide.
* Add missing tests.

* This commit adds back the always_permitted_parameters
  configuration option to strong paramaters.
* The initial pull requests where this feature was added
  are the following:
  - https://github.com/rails/rails/pull/12682
  - https://github.com/rails/strong_parameters/pull/174

Fixes #15685.

We cannot cache keys because arrays are mutable. We rather want to cache
the arrays. This behaviour is tailor-made for the usage pattern strongs
params is designed for.

In a forthcoming commit I am going to add a test that covers why we need
to cache by value.

Every strong params instance has a live span of a request, the cache goes
away with the object. Since strong params have such a concrete intention,
it would be interesting to see if there are actually any real-world use
cases that are an actual leak, one that practically may matter.

I am not convinced that the theoretical leak has any practical consequences,
but if it can be shown there are, then I believe we should either get rid of
the cache (which is an optimization), or else wipe it in the mutating API.

This reverts commit e63be276.

Per convention, underscore-only argument names should be used for unused parameters.

memory leak demonstrated on @tenderlove's latest blog post:

http://tenderlovemaking.com/2014/06/02/yagni-methods-are-killing-me.html

- accepts_nested_attribute_for -> accepts_nested_attributes_for

Simple Sungularize ActionController::UnpermittedParameters error in case when only 1 parameter is unpermitted.

AC::Parameters#fetch was refactored in 7171111d to prevent self mutation, but
in doing so it hardcodes logic #convert_hashes_to_parameters is supposed to
encapsulate.

Better leave the delegation, and add a way to avoid mutating self in there.

This reverts commit c2b5a8e6, reversing
changes made to 1918b12c.

See: https://github.com/rails/rails/pull/9660#issuecomment-27627493

closes #12149